Automatic S/MIME cert import should use additional verification using mozilla::pkix
Categories
(MailNews Core :: Security: S/MIME, enhancement, P1)
Tracking
(thunderbird_esr78 wontfix, thunderbird_esr91+ fixed, thunderbird95 fixed)
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
(Keywords: sec-critical)
Attachments
(3 files)
|
48 bytes,
text/x-phabricator-request
|
rjl
:
approval-comm-esr91+
|
Details | Review |
|
9.88 KB,
patch
|
rjl
:
approval-comm-beta+
|
Details | Diff | Splinter Review |
|
797 bytes,
patch
|
rjl
:
review+
|
Details | Diff | Splinter Review |
When processing incoming S/MIME email that is digitally signed, we:
- (a) perform a check of the signature, including verification of the signing certificate
- (b) import the certificates that are found inside the signature, because they might be necessary for verifying the signing certificate, and also for making it possible to use these certificates in the future for encryption
The classic NSS verification is limited in its ability to perform revocation checking, in particular the current configuration used by the Gecko platform has trouble with a proxy configuration.
In addition the S/MIME implementation in NSS is hardcoded to use the classic NSS verification APIs.
Therefore in bug 324474, we had added an additional check at the mail code level. In bug 813418 that code was later upgraded to use the mozilla::pkix for an initial validity check.
However, that additional check is limited to check the signature certificate. Earlier, we perform import of certificates that are bundled with the signature.
This bug suggests that we perform the additional check for all certificates that we are automatically importing, too.
We should expedite adding this check, therefore I'm using a workaround that involves copying some internal NSS code to the Thunderbird code. At a later time, we should clean this up by adding a new API to NSS, that allows the mail code to perform its own additional checks using a callback. (The design of the new API can be discussed at a later time, when we perform the cleanup.)
It was noticed that the mozilla::pkix code doesn't support checking DSA certificates nor RSA-PSS certificates.
This means, because of the existing checks, we never show signatures from such certificates as valid. I couldn't find any bug report in the S/MIME component mentioning the classic DSA algorithm, so apparently nobody has ever complained that DSA cert signatures are always reported in Thunderbird as invalid. And it's already known that RSA-PSS is not yet supported by the Thunderbird S/MIME code (bug 1597202).
Therefore I'm not worried that the suggested change will extend this limitation to the automatic certificate import from incoming email, it seems unlikely that it will have a relevant impact.
|
Assignee | |
Comment 1•3 years ago
|
||
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 3•3 years ago
|
||
Note the patch in phabricator applies to comm-esr91.
comm-central needs a slightly merged patch, I'm attaching it here.
|
||
Comment 4•3 years ago
|
||
Looks good to me.
|
|
Assignee | |
Updated•3 years ago
|
|
||
Comment 5•3 years ago
|
||
Comment on attachment 9248548 [details] [diff] [review]
1738501-cc.patch
[Triage Comment]
Approved for ers91
|
|
||
Comment 6•3 years ago
|
||
Comment on attachment 9248476 [details]
Bug 1738501 - Add check using mozilla::pkix to some more scenarios. r=mkmelin
[Triage Comment]
Approved for beta
|
||
Comment 7•3 years ago
|
||
Comment on attachment 9248476 [details]
Bug 1738501 - Add check using mozilla::pkix to some more scenarios. r=mkmelin
[Triage Comment]
This is the c-esr91 version.
|
|
||
Comment 8•3 years ago
|
||
Comment on attachment 9248548 [details] [diff] [review]
1738501-cc.patch
[Triage Comment]
For c-central and c-beta (95b1)
Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/2ff7d3a75e8f
Add check using mozilla::pkix to some more scenarios. r=mkmelin
|
|
||
Comment 10•3 years ago
|
||
| bugherder uplift | ||
Thunderbird 91.3.0:
https://hg.mozilla.org/releases/comm-esr91/rev/54507526da82
|
|
Assignee | |
Comment 11•3 years ago
|
||
Add required symbols for linking.
|
|
Assignee | |
Updated•3 years ago
|
|
||
Comment 12•3 years ago
|
||
|
|
||
Comment 13•3 years ago
|
||
| bugherder uplift | ||
Thunderbird 95.0b1:
https://hg.mozilla.org/releases/comm-beta/rev/ad434a0dbe8b
https://hg.mozilla.org/releases/comm-beta/rev/2897d53eb065
|
|
Assignee | |
Updated•3 years ago
|
|
|
||
Comment 14•3 years ago
|
||
| bugherder uplift | ||
Thunderbird 91.3.0:
https://hg.mozilla.org/releases/comm-esr91/rev/bea1eb4e98a3
|
|
||
Updated•3 years ago
|
|
|
||
Comment 15•3 years ago
|
||
|
|
||
Comment 16•3 years ago
|
||
Assigning CVE-2021-43529. Since this happened to protect Thunderbird users from the worst effects of bug 1737470 it's effectively a security fix.
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 17•3 years ago
•
|
||
Suggested advisory text:
CVE-2021-43529:
title: Memory corruption when processing S/MIME messages
impact: critical
reporter: Tavis Ormandy
description: |
Thunderbird versions prior to 91.3.0 are vulnerable to the heap
overflow described in CVE-2021-43527 when processing S/MIME messages.
Thunderbird versions 91.3.0 and later will not call the vulnerable code
when processing S/MIME messages that contain certificates with
DER-encoded DSA or RSA-PSS signatures.
bugs:
- url: 1738501
Description
•